Centraleyezer Shell Upload

2019.11.16
Credit: Omayr Zanata
Risk: High
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Centraleyezer: Unrestricted File Upload -[CVE-2019-12271] Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding “.jpg” to any uploaded filename is not enforced on the server side. The image upload is vulnerable to bypass, the file upload adds .jpg extension to every file sent, but on client side, so I could intercept the request and change it to .php. I uploaded a simple shell and was able to execute commands as user www-data on the server. more information: https://link.medium.com/Y2S4ZJbMy1


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top